BOU ABDO Jacques
Team: Phare
Departure date: 18/12/2014
Research supervisor: Guy PUJOLLE
Efficient and Secure Mobile Cloud Networking
Mobile cloud computing is a very strong candidate for the title "Next Generation Network", which empowers mobile users with extended mobility, service continuity and superior performance. Users can expect to execute their jobs faster, with lower battery consumption and at affordable prices; however, this is not always the case. Various mobile applications have been developed to take advantage of this new technology, but each application has its own requirements. Several mobile cloud architectures have been proposed, but none was suitable for all mobile applications, which resulted in lower customer satisfaction. In addition, the absence of a valid business model to motivate investors has hindered its deployment at production scale.
This dissertation proposes a new mobile cloud architecture that positions the mobile operator at the core of this technology and equips it with a revenue-making business model. This architecture, named OCMCA (Operator Centric Mobile Cloud Architecture), connects the user on one side and the Cloud Service Provider (CSP) on the other, and hosts a cloud within its network. The OCMCA/user connection can utilize multicast channels, leading to a much cheaper service for the users and to more revenue, lower congestion and lower rejection rates for the operator. The OCMCA/CSP connection is based on federation; thus a user who has been registered with any CSP can request her environment to be offloaded to the mobile operator's hosted cloud in order to receive all of OCMCA's services and benefits.
The contributions of this dissertation are multifold. First, we propose OCMCA and prove that it has superior performance over all other mobile cloud architectures. The business model of this architecture focuses on the user's subscription freedom, i.e. the user can be subscribed with any cloud provider and still be able to connect through this architecture to her environment with the help of offloading and federation. Since OCMCA offers services to mobile users, who should be authenticated first with the mobile operator before authenticating with the CSP to gain access to their environments and registered services, we propose a robust authentication and single-sign-on protocol, named EC-AKA3 (Ensured Confidentiality Authentication and Key Agreement protocol version 3), capable of performing both authentications in parallel. This protocol achieves a faster response than existing mechanisms and achieves secure and private authentication at both the NAS (Non-Access Stratum) and application layers.
Second, we study privacy problems in various mobile cloud applications and show that the privacy-preserving mechanisms implemented in existing mobile cloud architectures fail to offer satisfactory privacy levels. We also show that OCMCA can offer higher privacy levels for the discussed applications and can be extended to become a lawful interception interface.
Third, we prove, using a mathematical model, that our proposal to use federation is financially feasible. We also prove that unmonitored federation might have a catastrophic impact on performance, delay and network congestion. To solve this problem, we propose a new cloud federation manager called BBCCFM (Broker-Based Cross-Cloud Federation Manager), to be used by OCMCA. This manager facilitates the selection of federation offers while monitoring federation to prevent the hazards shown. BBCCFM results in lower delay, traffic and cost by consolidating requests at a centralized node (Broker) and forming an economy of scale. BBCCFM has availability comparable to that of other distributed mechanisms and is compliant with the recommendations of the Cloud Security Alliance.
: 18/12/2014 - 09h30 - Jussieu